MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e503342cd629d8f7d63fa85e0481061a54abf8315ae757941aefc0da817a00c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e503342cd629d8f7d63fa85e0481061a54abf8315ae757941aefc0da817a00c
SHA3-384 hash: bf95513677b74215b18ae8d8a978d6130948ec67620995cde0ec5b1ad579b32a5d3fdfd0061be9d35fb3472872d2951f
SHA1 hash: c4e742c7c27dd56170b864299eeded4172dd1358
MD5 hash: 027058f56b928c03bb465799277e37ed
humanhash: ohio-red-indigo-august
File name:Ödeme bildirimi onayı 55.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:260'250 bytes
First seen:2020-08-05 09:28:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:k8q2TmJldIEMnhrz6N7tdiSSbOcu2ON6QHOnV93QlUj50gs:k8PKJ7IFrzy7viM2a6QwV93QlUjOH
TLSH A64423CF79D74B917FE7E75D8A24092370C54F080E1C40A26C89DB860BED99EB052A7E
Reporter abuse_ch
Tags:AgentTesla geo rar TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.linux54.papaki.gr
Sending IP: 88.198.36.156
From: Luka Ribaric - TMC SHIPPING <luka.ribaric@gmail.com>
Subject: Ödeme bildirimi onayı
Attachment: Ödeme bildirimi onayı 55.rar (contains "Ödeme bildirimi onayı 55.exe")

AgentTesla FTP exfil server:
ftp.classeeformas.com:21

AgentTesla FTP exfil user name:
mannn@classeeformas.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e503342cd629d8f7d63fa85e0481061a54abf8315ae757941aefc0da817a00c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 09:30:08 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzidgqwnmkoy67ld7kc6asaqmgsuvp4dcwxhk6kbv36a3kaxuaga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3e503342cd629d8f7d63fa85e0481061a54abf8315ae757941aefc0da817a00c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3e503342cd629d8f7d63fa85e0481061a54abf8315ae757941aefc0da817a00c

(this sample)

AgentTesla

Executable exe 1471fb6ebe640cdba773d77a476e877aa1d1b1c651810bcf2a0288c59e1d49aa

  
Dropping
MD5 f2c15a28c74e0c5f92dd20651084c29d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1471fb6ebe640cdba773d77a476e877aa1d1b1c651810bcf2a0288c59e1d49aa

Comments